Blackhat Hacking | The Freedom Of Learning

😍 What is bug bounty? 😍

Identification and reporting of bugs and vulns in a responsible way.

2. All depends on interest and hardwork, not on degree, age, branch, college, etc.

2. What to study?

1. Internet, HTTP, TCP/IP
2. Networking
3. Command line
4. Linux
5. Web technologies, javascript, php, java
6. Atleast 1 prog language (Python/C/JAVA/Ruby..)

3. Choose your path (imp)

1. Web pentesting
2. Mobile pentesting
3. Desktop apps

4. Resources

1. Books

1. For web
1. Web app hackers handbook
2. Web hacking 101
3. Hacker's playbook 1,2,3
4. Hacking art of exploitation
5. Mastering modern web pen testing
6. OWASP Testing guide

2. For mobile
1. Mobile application hacker's handbook

2. Youtube channels

1. Hacking
1. Live Overflow
2. Hackersploit
3. Bugcrowd
4. Hak5
5. Hackerone
2. Programming
1. thenewboston
2. codeacademy

3. Writeups, Articles, blogs

1. Medium (infosec writeups)
2. Hackerone public reports
3. owasp.org
4. Portswigger
5. Reddit (Netsec)
6. DEFCON conference videos
7. Forums

5. Practice (imp)

1. Tools
1. Burpsuite
2. nmap
3. dirbuster
4. sublist3r
5. Netcat

2. Testing labs

1. DVWA
2. bWAPP
3. Vulnhub
4. Metasploitable
5. CTF365
6. Hack the box

6. Start!

1. Select a platform
1. Hackerone
2. Bugcrowd
3. Open bug bounty
4. Zerocopter
5. Antihack
6. Synack (private)

1. Choose wisely (first not for bounty)
2. Select a bug for hunt
3. Exhaustive search
4. Not straightforward always

REPORT:

5. Create a descriptive report
6. Follow responsible disclosure
7. Create POC and steps to reproduce

7. Words of wisdom

1. PATIENCE IS THE KEY, takes years to master, don't fall for overnight success
2. Do not expect someone will spoon feed you everything.
3. Confidence
4. Not always for bounty
5. Learn a lot
6. Won't find at the beginning, don't lose hope
7. Stay focused
8. Depend on yourself
9. Stay updated with infosec world

➖@BlackHat_Hacking ➖

🔴🔴 𝙿𝙰𝚁𝚃 3 🔴🔴
𝚂𝙾 𝙷𝙴𝚁𝙴 𝙸𝚂 𝚃𝙷𝙴 𝙽𝙴𝚇𝚃 𝙰𝚁𝚃𝙸𝙲𝙻𝙴 𝙾𝙽 𝚂𝚂7

SS7 attacks can be used to bypass encryption
You can see the implication of hackers and cybercriminals tapping into that kind of data. And this is exactly what is happening. With just your phone number (which is an easily obtainable piece of public information), someone who has hacked into SS7 can:

Forward your calls and record or listen in to them
Read SMS text messages sent between devices
Track the location of a phone
What’s more worrying is that because SS7 allows attackers to read SMS messages, they can also bypass the end-to-end encryption provided by services such as WhatsApp, Telegram, Facebook, etc. This is possible due to an encryption workaround that uses a flaw in two-factor authentication.

For example, to log into Facebook on a new device, you need to fill in a password and a second code, which is sent to you via SMS. Because SS7 exploits allow reading such text messages, the attackers can obtain that code and log in with the user’s credentials. Using an identical approach, cybercriminals have been able to steal money from German banks.

To counter such attacks, you must first stop using regular calls and text messages, and opt for end-to-end encrypted chat and VoIP. Then, you might want to do away with regular telephony and SMS altogether – like we have done for Secure Phone. For more reliable two-factor authentication, you can use a token or an extra password, which is not sent to you via text, but through an encrypted channel.

🔴🔴 DIFFERENT SOURCES + PERSONAL KNOW.🔴🔴

𝙰𝚁𝚃𝙸𝙲𝙻𝙴 𝙱𝚈 :- @gustyvj
💥💥💥💥💥💥💥💥💥💥💥💥
𝙲𝙾𝙿𝚈 𝚆𝙸𝚃𝙷 𝙲𝚁𝙴𝙳𝙸𝚃S

➖@BlackHat_Hacking ➖